hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Catch another encryption clue.

Browse Source
This commit is contained in:
Geoffrey White
2022-01-21 15:32:25 +00:00
parent 97447d0b3a
commit 0b98397e9b
3 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
View File

@@ -171,6 +171,11 @@ class Encrypted extends Expr {
this = fc.getAnArgument()
)
)
or
exists(Type t |
this.getType().refersTo(t) and
t.getName().toLowerCase().regexpMatch(".*(crypt|encode|decode|hash|securezero).*")
)
}
}

5
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
View File

@@ -87,6 +87,8 @@ edges
| test3.cpp:366:8:366:15 | password | test3.cpp:374:20:374:27 | password |
| test3.cpp:386:8:386:15 | password | test3.cpp:388:15:388:22 | password |
| test3.cpp:398:18:398:25 | password | test3.cpp:400:15:400:23 | & ... |
| test3.cpp:398:18:398:25 | password | test3.cpp:400:16:400:23 | password |
| test3.cpp:398:18:398:25 | password | test3.cpp:400:33:400:40 | password |
| test.cpp:41:23:41:43 | cleartext password! | test.cpp:48:21:48:27 | call to encrypt |
| test.cpp:41:23:41:43 | cleartext password! | test.cpp:48:29:48:39 | thePassword |
| test.cpp:66:23:66:43 | cleartext password! | test.cpp:76:21:76:27 | call to encrypt |
@@ -204,6 +206,8 @@ nodes
| test3.cpp:388:15:388:22 | password | semmle.label | password |
| test3.cpp:398:18:398:25 | password | semmle.label | password |
| test3.cpp:400:15:400:23 | & ... | semmle.label | & ... |
| test3.cpp:400:16:400:23 | password | semmle.label | password |
| test3.cpp:400:33:400:40 | password | semmle.label | password |
| test.cpp:41:23:41:43 | cleartext password! | semmle.label | cleartext password! |
| test.cpp:48:21:48:27 | call to encrypt | semmle.label | call to encrypt |
| test.cpp:48:29:48:39 | thePassword | semmle.label | thePassword |
@@ -234,4 +238,3 @@ subpaths
| test3.cpp:300:2:300:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:300:14:300:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@ | test3.cpp:308:58:308:66 | password2 | password2 |
| test3.cpp:341:4:341:7 | call to recv | test3.cpp:339:9:339:16 | password | test3.cpp:341:16:341:23 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:339:9:339:16 | password | password |
| test3.cpp:388:3:388:6 | call to recv | test3.cpp:386:8:386:15 | password | test3.cpp:388:15:388:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:386:8:386:15 | password | password |
| test3.cpp:400:3:400:6 | call to recv | test3.cpp:398:18:398:25 | password | test3.cpp:400:15:400:23 | & ... | This operation receives into '& ...', which may put unencrypted sensitive data into $@ | test3.cpp:398:18:398:25 | password | password |

2
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp
View File

@@ -397,7 +397,7 @@ void test_more_clues()
{
encrypted_data password;
recv(val(), &password, sizeof(password), val()); // GOOD: password is (probably) encrypted [FALSE POSITIVE]
recv(val(), &password, sizeof(password), val()); // GOOD: password is (probably) encrypted
}
}